Harbor 'Ping()' Function Server-Side Cross-Site Forgery Vulnerability

Harbor is an open source, enterprise-grade registry server that also provides advanced security features such as user management, access control and activity auditing. A server-side cross-site forgery vulnerability exists in the 'Ping' function of the ui/api/targets.go file in Harbor 1.3.0-rc4 an...

Server side request forgery (ssrf)

The Ping function in ui/api/target.go in Harbor through 1.3.0-rc4 has SSRF via the endpoint parameter to /api/targets/ping...